Object authority manager (OAM)
The authorization service component supplied with the WebSphere® MQ products is called the Object Authority Manager (OAM).
By default, the OAM is active and works with the control commands dspmqaut (display authority),dmpmqaut (dump authority), and setmqaut (set or reset authority).
The syntax of these commands and how to use them are described in The control commands.
- On UNIX and Linux® systems:
- the principal is a user ID, or an ID associated with an application program running on behalf of a user.
- the group is a UNIX or Linux system-defined collection of principals.
- Authorizations can be granted or revoked at the group level only. A request to grant or revoke a user's authority updates the primary group for that user.
- On Windows systems:
- the principal is a Windows user ID, or an ID associated with an application program running on behalf of a user.
- the group is a Windows group.
- Authorizations can be granted or revoked at the principal or group level.
- Perform the requested operation.
- Access the specified queue manager resources.
The authorization service enables you to augment or replace the authority checking provided for queue managers by writing your own authorization service component.